package com.fahai.common;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;

import javax.annotation.Resource;


/**
 * Created by sky on 17/5/5.
 * spring security 的权限与角色配置类
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AuthProvider authProvider;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/resources/**","/assets/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/resources/**","/assets/**").permitAll()
                .antMatchers("/login", "/submitLoginParam").permitAll()
//                .antMatchers("/promotion/list").access("@webSecurityConfig.checkLoginusr(authentication)")
//                .antMatchers("/promotion/material_download").access("@webSecurityConfig.checkLoginusr(authentication)")
//                .antMatchers("/resources/**","/signup","/about").permitAll()       //允许访问多个请求
//                .antMatchers("/admin/**").hasRole("ADMIN")    //只有ROLEADMIN 才能访问此目录,注意没有使用ROLE前缀
//                .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")    //只有ROLEADMIN和ROLEDBA才能访问,注意没有使用ROLE前缀
                .anyRequest().authenticated()

                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/404")
                .permitAll()

                .and()
                .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login")
                .clearAuthentication(true)      //清除认证缓存
                .invalidateHttpSession(true)    //让httpSession失效
                .deleteCookies("JSESSIONID")           //显式的去除cookies
                .permitAll();
        http.csrf().disable();    //跨站请求伪造, 默认开启,这里关闭,生产环境打开
//        http.exceptionHandling().authenticationEntryPoint(webPageAndAPIEntryPoint);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider);
        auth.eraseCredentials(false); //登陆后保留密码
    }

    /**
     * springSecurity 验证用户是否登陆,暂时无用
     */
    public boolean checkLoginusr(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserPrincipal) {
            return ((UserPrincipal) principal).getUserid().intValue() > 0 ? true : false;
        } else {
            return false;
        }
    }

}


